From: Patrick McHardy <kaber@trash.net>
To: James Morris <jmorris@redhat.com>
Cc: juha.heljoranta@evtek.fi, Rusty Russell <rusty@rustcorp.com.au>,
netfilter-devel@lists.netfilter.org
Subject: Re: Netfilter socket hooks
Date: Thu, 12 May 2005 02:12:43 +0200 [thread overview]
Message-ID: <42829F7B.40602@trash.net> (raw)
In-Reply-To: <Xine.LNX.4.44.0505111955060.15673-100000@thoron.boston.redhat.com>
James Morris wrote:
> What about adding an output hook to the table? This would make it much
> easier to manage rules.
Sure. For symetry, I would prefer only to pass packets with
skb->sk != NULL through OUTPUT and use skb->sk as socket argument
to ipt_do_table(). But rule mangement is still tricky since
only protocols which use sockets can be handled in the skfilter
table. A more radical approach would be to use the socket hooks
for filter/INPUT for all protocols with hooks - but I haven't
thought much about this yet.
Regards
Patrick
next prev parent reply other threads:[~2005-05-12 0:12 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-27 4:22 Status of owner-socketlookup James Morris
2005-04-27 4:22 ` David S. Miller
2005-04-27 4:44 ` James Morris
2005-04-27 10:09 ` Patrick McHardy
2005-04-27 13:59 ` James Morris
2005-04-27 14:04 ` Patrick McHardy
2005-04-27 18:47 ` David S. Miller
2005-04-27 14:40 ` Juha Heljoranta
2005-04-27 14:52 ` Patrick McHardy
2005-04-27 18:49 ` David S. Miller
2005-04-27 19:37 ` Patrick McHardy
2005-04-27 22:43 ` James Morris
2005-05-10 15:59 ` Netfilter socket hooks (was: Re: Status of owner-socketlookup) Patrick McHardy
2005-05-10 16:00 ` [netfilter socket hooks 1/5]: Add socket hook infrastructure Patrick McHardy
2005-05-11 23:22 ` James Morris
2005-05-11 23:27 ` James Morris
2005-05-11 23:27 ` Patrick McHardy
2005-05-10 16:00 ` [netfilter socket hooks 2/5]: Add protocol hooks Patrick McHardy
2005-05-10 16:01 ` [netfilter socket hooks 3/5]: Add struct sock * argument to ipt_do_table() Patrick McHardy
2005-05-10 16:01 ` [netfilter socket hooks 4/5]: Add struct sock * argument to match functions Patrick McHardy
2005-05-10 16:01 ` [netfilter socket hooks 5/5]: Add skfilter table Patrick McHardy
2005-05-10 18:26 ` Netfilter socket hooks (was: Re: Status of owner-socketlookup) James Morris
2005-05-10 20:37 ` Netfilter socket hooks Jonas Berlin
2005-05-11 0:04 ` David S. Miller
2005-05-11 23:57 ` Netfilter socket hooks (was: Re: Status of owner-socketlookup) James Morris
2005-05-12 0:12 ` Patrick McHardy [this message]
2005-04-27 6:04 ` [PATCH] owner-socketlookup update for 2.6.12-rc3 James Morris
2005-04-27 6:13 ` David S. Miller
2005-04-27 6:43 ` Patrick Schaaf
2005-04-27 6:55 ` Patrick Schaaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42829F7B.40602@trash.net \
--to=kaber@trash.net \
--cc=jmorris@redhat.com \
--cc=juha.heljoranta@evtek.fi \
--cc=netfilter-devel@lists.netfilter.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.